Stony Brook University Create a Program Code Computer Programming Question

In this assignment, you will alter the current OWASP dependency-check configuration to suppress false-positive reporting. To do so, you'll need to create a suppression.xml file and revise the pom.xml file of your software application. This revision changes the configuration settings of the dependency check in Maven so that it points to the suppression.xml file.


Specifically, you must address the following rubric criteria:

Static Testing: Using the code base provided in the Supporting Materials section, edit the pom.xml file to integrate the Maven dependency check.

You may want to look at the Integrating the Maven Dependency-Check Plug-in Tutorial. Then run a dependency check and document known vulnerabilities. Submit the HTML dependency-check report with the known vulnerabilities found.

  • A dependency check will show false-positive vulnerabilities. It is important that you understand the false positives. You’ve been told that you cannot implement a fix at this time for the vulnerabilities you found because no solution currently exists. However, you don’t want this warning signal to pop up for the community of developers who will test the security of this code base.
  • Reconfiguration: Sometimes, you have to live with an error until there is a fix for it. You must reconfigure the dependency-check tool to stop the alarms for false positives by creating a suppression.xml file and revising the code in the pom.xml file to alter the configuration of the dependency-check tool. By altering it, you’ll hide the false positives. Please note: The false positives are still there, but they won’t show up on the dependency-check report. To reconfigure the dependency-check tool, complete the following steps:


    Open the dependency report HTML file in a web browser.

  • Click the suppress button next to the found vulnerability. See the example below.
  • (Check screenshots below.) C) Click on the Complete XML Doc button, and then use Ctrl+C to copy the highlighted contents as shown below.

  • Next, navigate back to the code base project in Eclipse and create a file called suppression.xml in the same directory as the pom.xml file.
  • Add the contents you copied from the complete XML doc in step C to the suppression.xml file you created.

  • Edit the pom.xml file and add the following in the configuration section of the OWASP check:
  • suppression.xml

    Verification: Finally, use Maven Run As to run the dependency check again to verify that all dependencies are valid and that no false positives exist. Submit the HTML dependency-check report showing that all dependencies found are valid and that no false positives are present.
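    The two files this procedure produces, as an added example that is not the assignment's own code or the provided code base. The plugin version, package coordinates, CVE id, expiry date and note text are placeholders or constructed values; the element names are those of the dependency-check-maven plugin and its suppression schema.

```xml
<!-- pom.xml fragment (added example): the OWASP plugin entry inside <build><plugins> -->
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <!-- placeholder: keep the version already declared in your pom.xml -->
  <version>PLUGIN_VERSION</version>
  <configuration>
    <!-- points the check at the file created next to pom.xml in the steps above -->
    <suppressionFiles>
      <suppressionFile>suppression.xml</suppressionFile>
    </suppressionFiles>
  </configuration>
  <executions>
    <execution>
      <goals>
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
</plugin>

<!-- suppression.xml (separate file, added example): one narrowly scoped rule -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <!-- "until" is optional: the rule expires on this constructed date and the
       finding reappears in the report for re-review -->
  <suppress until="2030-01-01Z">
    <notes><![CDATA[
      Constructed note: why this finding is a false positive, who reviewed it, and when.
    ]]></notes>
    <!-- constructed coordinates: match one artifact, not a whole group -->
    <packageUrl regex="true">^pkg:maven/com\.example/example\-lib@.*$</packageUrl>
    <!-- placeholder id: suppress a single CVE rather than every finding for the artifact -->
    <cve>CVE-0000-00000</cve>
  </suppress>
</suppressions>
```

    The block generated by the report's suppress button has the same shape; keeping each rule tied to one package and one identifier limits what is hidden from later scans.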

  • In addition to the dependency-check reports, be certain to zip the project folder in Eclipse and submit the refactored code, including suppression.xml and the revised pom.xml file.
  • Check the code base in the attachment below.
  • What I Need:

  • Submit (1) your refactored code (which includes the suppression.xml file you created and the pom.xml file you revised) and (2) your text submission that includes the HTML link for the dependency-check report before reconfiguration and the HTML link for the new dependency-check report after the reconfiguration with no false positives shown.